Evidence-Based Information Security Management
What you'll learn
- Use information security metrics for the effective management of cybersecurity
- Represent cybersecurity metrics in compact and engaging dashboards or reports
- How to use reports in a way that leads to understanding the security posture of the organisation and drives the right decisions
- Apply continuous improvement to cybersecurity
In this course you will master the design and operation of information security processes with metrics, and you will be able to represent these metrics in compact and engaging dashboards or reports. You will learn what a measurement is, how your choice of a model influences what gets measured, what the relationship between security activity and business goals is, and how to use reports in a way that leads to understanding the security posture of the organisation and drives the right decisions. This course is for experienced information security managers who want to move their ISMS beyond simple compliance.
If you want to avoid the following common ISMS failings, then this course is for you:
- When specific people go on leave or get sick, performance is affected.
- Audits are painful and it takes a significant effort to pass successfully.
- Changes in the way things are done are difficult and slow to implement.
- The same errors are made over and over again.
- More than 20% of the time of the team is used trying to determine what to do or how to do it.
- It is not infrequent to enter discussions with other teams about who is responsible for what.
- The available metrics do not reflect the performance of the team or the level of security.
- Magic bullets are tried by management on a monthly basis and forgotten shortly after.
- New ticketing software was supposed to solve all management issues. Instead, it has introduced issues of its own.
- Your ISMS is certified, but you are conscious that this wouldn't prevent a serious incident from happening.
Who this course is for:
- Experienced information security professionals
Evidence-based Cybersecurity management leader.
I am a cybersecurity author and speaker, and have more than 20 years' experience
My subjects of interest are the application of the scientific method to cybersecurity management, maturity and capability as indications of the ability of organizations to improve cybersecurity, and Identity Management.